Can anybody tell me what to look for on the serve side? I may have been hit with this (again).
After the last time I immediately updated two installs of popbb that I couldn’t deactivate (one being active and the other well I neede to access email through that domain) and deactivated everything else that had either phpBB, phpnuke or one of the variations installed on it (and updated a couple of them later when I had more time). By deactivate I mean I went into NodeWorx and deactivated them.
Now I have several sites which do not resolve (most with .org extentions but not all)
awalktorememberonline.org (Drupan and phpBB)
awalktorememberonline.com
awalktorememberonline.net (the last two are pointer domains to the first)
This site got two large hits of bandwidty yestrday afternoon and evening which makes me think this was the phpbb exploit.
michaelwsmithfans.org (Dripal is installed but the current phpBB is in the /forum directory)
followhimbooks.com
followhimbooks.org (separate sites, both of which are empty)
efictionarchive.net (blank . . . I think)
fanlists.net (blank)
liberateamericandemocracy.org (blank)
americanfreedemocracy.org (blank)
bradybunchonline.org (blank site)
savestartrek.org (blank site)
friendsinfaithonline.org (this site was inactive before but has mysteriously shown up as inactive)
annefrankmemorial.org (blank site with moodle installed in the /moodle subdirectory/subdomain)
There are more if anyone wants to know them but this should be enough.
I rebooted my server (had a kernal update last week and it needed it anyway)
I stopped and started my httpd (no errors)
I would try the dns server but am not sire what the service name is.
Chris mentioned that a script was in the /tmp directory the last time and I’ve deleted everything in there)
Anybody have any ideas?